Skip to content

ci: run as much of release workflow as possible in PRs #360

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
auxesis merged 5 commits into from
Jan 30, 2026
Merged

ci: run as much of release workflow as possible in PRs #360

auxesis merged 5 commits into from
Jan 30, 2026

Conversation

@auxesis
Copy link
Contributor

@auxesis auxesis commented Jan 29, 2026
edited
Loading

Currently we don't automatically test changes to the release workflow in PRs. This means we have to contort our PRs to test changes (by committing new triggers, then rewriting commit history to edit them out), or trigger several releases to test changes to the release workflow (essentially testing in prod).

This PR runs as much of the release workflow as possible in PRs, without publishing the final image to Docker Hub.

It also:

  • Adds comments in workflows explaining the intention of each job trigger
  • Locks version of cargo-binstall to one that builds (1.17.4 currently erroring at compilation time)
  • Upgrades mise in CI
  • Switches back to GitHub runner for arm64 (undoing ci: Run release jobs on Blacksmith #357), as the GitHub Actions arm64 runners are reliably several minutes faster

Acknowledgment

By submitting this pull request, I confirm that CipherStash can use, modify, copy, and redistribute this contribution, under the terms of CipherStash's choice.

Copilot AI review requested due to automatic review settings January 29, 2026 07:33
Copilot AI reviewed Jan 29, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enables testing of the release workflow in pull requests by adding a pull_request trigger that activates when changes are made to the workflow file itself. It introduces conditional logic to run the workflow in "dry-run" mode for PRs, preventing the final multi-platform image manifest from being published to Docker Hub while still exercising most of the workflow steps.

Changes:

  • Added pull_request trigger for changes to the release workflow file
  • Added conditional DRY_RUN environment variable to skip publishing the manifest in PR mode
  • Added conditional execution for image inspection and Multitudes notification steps to only run on actual releases

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/release.yml Outdated
- name: Create manifest list and push
working-directory: ${{ runner.temp }}/digests
env:
DRY_RUN: ${{ case(contains(fromJSON('["push", "release"]'), github.event_name),"", "--dry-run") }} # run the `docker buildx` command with --dry-run if we're not publishing a release
Copy link

Copilot AI Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The function name case is not valid in GitHub Actions expressions. The correct function name is if. This line should use the ternary-like syntax: if(condition, value_if_true, value_if_false).

The expression should be:
${{ if(contains(fromJSON('["push", "release"]'), github.event_name), '', '--dry-run') }}

Without this fix, the workflow will fail when it tries to evaluate this expression.

Suggested change
DRY_RUN: ${{ case(contains(fromJSON('["push", "release"]'), github.event_name),"", "--dry-run") }} # run the `docker buildx` command with --dry-run if we're not publishing a release
DRY_RUN: ${{ if(contains(fromJSON('["push", "release"]'), github.event_name), '', '--dry-run') }} # run the `docker buildx` command with --dry-run if we're not publishing a release

Copilot uses AI. Check for mistakes.
Copy link
Contributor Author

@auxesis auxesis Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Embarrassingly wrong.

@auxesis
fix(ci): lock version of cargo-binstall to one that builds
3935fde
@auxesis
chore: upgrade mise in CI
06d27ef
@auxesis
ci: switch back to GitHub runner for arm64
711466f 
Because it's faster
@auxesis
ci: run the release workflow when changes in PRs
2d5fde1 
This won't publish the image, but it will build as much of it as
possible, and indicate if the release may fail.
@auxesis auxesis force-pushed the ci/run-minimal-release-workflow-on-change branch from 2e8496d to 2d5fde1 Compare January 29, 2026 12:54
@auxesis auxesis merged commit e9d037c into main Jan 30, 2026
8 checks passed
@auxesis auxesis deleted the ci/run-minimal-release-workflow-on-change branch January 30, 2026 02:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@calvinbrewer calvinbrewer calvinbrewer approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@auxesis @calvinbrewer